Public C++ crypto API (#3569)

doc/architecture/cryptography.rst

@@ -110,9 +110,9 @@ Algorithms and Curves
 
 Authenticated encryption in CCF relies on AES256-GCM. Ledger authentication relies on Merkle trees using SHA2-256.
 
-Public-key certificates, signatures, and ephemeral Diffie-Hellman key exchanges all rely on elliptic curves (except for the encryption of ledger secrets shared between nodes and member recovery shares, which uses `RSA OAEP <https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding>`_). The supported curves are listed in `crypto/curve.h`:
+Public-key certificates, signatures, and ephemeral Diffie-Hellman key exchanges all rely on elliptic curves (except for the encryption of ledger secrets shared between nodes and member recovery shares, which uses `RSA OAEP <https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding>`_). The supported curves are listed in `curve.h`:
 
-    .. literalinclude:: ../../src/crypto/curve.h
+    .. literalinclude:: ../../include/ccf/crypto/curve.h
         :language: cpp
         :start-after: SNIPPET_START: supported_curves
         :end-before: SNIPPET_END: supported_curves

doc/build_apps/crypto.rst

@@ -7,7 +7,7 @@ For convenience, CCF provides access to commonly used cryptographic primitives t
 Hashing
 -------
 
-.. doxygenfunction:: crypto::SHA256(const std::vector<uint8_t> &data)
+.. doxygenfunction:: crypto::sha256(const std::vector<uint8_t> &data)
   :project: CCF
 
 .. doxygenClass:: crypto::HashProvider

include/ccf/crypto/curve.h

@@ -2,11 +2,12 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/md_type.h"
+#include "ccf/ds/enum_formatter.h"
 #include "ccf/ds/json.h"
-#include "ccf/ds/logger.h"
-#include "crypto/hash.h"
 
-#include <openssl/evp.h>
+#define FMT_HEADER_ONLY
+#include <fmt/format.h>
 #include <stdexcept>
 #include <string>
 

include/ccf/crypto/hash_bytes.h

@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#pragma once
+
+#include <vector>
+
+namespace crypto
+{
+  using HashBytes = std::vector<uint8_t>;
+}

include/ccf/crypto/hash_provider.h

@@ -2,10 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/hash_bytes.h"
 #include "ccf/crypto/md_type.h"
 #include "ccf/crypto/sha256_hash.h"
-#include "ds/buffer.h"
-#include "ds/hex.h"
+#include "ccf/ds/buffer.h"
 
 #include <array>
 #include <cstdint>
@@ -14,8 +14,6 @@
 
 namespace crypto
 {
-  using HashBytes = std::vector<uint8_t>;
-
   class HashProvider
   {
   public:
@@ -30,6 +28,9 @@ namespace crypto
     virtual ~HashProvider() = default;
   };
 
+  /** Create a default hash provider */
+  std::shared_ptr<HashProvider> make_hash_provider();
+
   // Incremental Hash Objects
   class ISha256Hash
   {
@@ -52,4 +53,7 @@ namespace crypto
       update_hash({d.data(), d.size()});
     }
   };
+
+  /** Create a default incremental SHA256 hash provider */
+  std::shared_ptr<ISha256Hash> make_incremental_sha256();
 }

include/ccf/crypto/hkdf.h

@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#pragma once
+
+#include "ccf/crypto/md_type.h"
+
+#include <vector>
+
+namespace crypto
+{
+  /** Perform HKDF key derivation */
+  std::vector<uint8_t> hkdf(
+    MDType md_type,
+    size_t length,
+    const std::vector<uint8_t>& ikm,
+    const std::vector<uint8_t>& salt = {},
+    const std::vector<uint8_t>& info = {});
+}

include/ccf/crypto/key_pair.h

@@ -2,11 +2,11 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "curve.h"
-#include "hash.h"
-#include "pem.h"
-#include "public_key.h"
-#include "san.h"
+#include "ccf/crypto/curve.h"
+#include "ccf/crypto/pem.h"
+#include "ccf/crypto/public_key.h"
+#include "ccf/crypto/san.h"
+#include "ccf/ds/buffer.h"
 
 #include <cstdint>
 #include <optional>

include/ccf/crypto/key_wrap.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/symmetric_key.h"
-#include "rsa_key_pair.h"
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/symmetric_key.h"
 
 #include <cstddef>
 #include <cstdint>

include/ccf/crypto/pem.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/ds/buffer.h"
 #include "ccf/ds/json.h"
-#include "ds/buffer.h"
 
 #include <cstring>
 #include <exception>

include/ccf/crypto/public_key.h

@@ -2,10 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "curve.h"
-#include "hash.h"
-#include "pem.h"
-#include "san.h"
+#include "ccf/crypto/curve.h"
+#include "ccf/crypto/hash_bytes.h"
+#include "ccf/crypto/pem.h"
+#include "ccf/crypto/san.h"
 
 #include <cstdint>
 #include <optional>

include/ccf/crypto/rsa_key_pair.h

@@ -2,10 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/hash_provider.h"
-#include "key_pair.h"
-#include "pem.h"
-#include "rsa_public_key.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/pem.h"
+#include "ccf/crypto/rsa_public_key.h"
 
 #include <cstdint>
 #include <optional>

include/ccf/crypto/rsa_public_key.h

@@ -2,8 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "hash.h"
-#include "pem.h"
+#include "ccf/crypto/pem.h"
 
 #include <cstdint>
 #include <optional>

include/ccf/crypto/sha256.h

@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#pragma once
+
+#include "ccf/crypto/hash_bytes.h"
+
+#include <vector>
+
+namespace crypto
+{
+  /** Compute the SHA256 hash of @p data
+   * @param data The data to compute the hash of
+   */
+  HashBytes sha256(const std::vector<uint8_t>& data);
+
+  /** Compute the SHA256 hash of @p data
+   * @param data The data to compute the hash of
+   * @param len Length of the data
+   */
+  HashBytes sha256(const uint8_t* data, size_t len);
+}

include/ccf/crypto/sha256_hash.h

@@ -50,3 +50,22 @@ namespace crypto
 
   bool operator!=(const Sha256Hash& lhs, const Sha256Hash& rhs);
 }
+
+namespace fmt
+{
+  template <>
+  struct formatter<crypto::Sha256Hash>
+  {
+    template <typename ParseContext>
+    constexpr auto parse(ParseContext& ctx)
+    {
+      return ctx.begin();
+    }
+
+    template <typename FormatContext>
+    auto format(const crypto::Sha256Hash& p, FormatContext& ctx)
+    {
+      return format_to(ctx.out(), "<sha256 {:02x}>", fmt::join(p.h, ""));
+    }
+  };
+}

include/ccf/crypto/symmetric_key.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "ds/buffer.h"
+#include "ccf/ds/buffer.h"
 #include "ds/serialized.h"
 #include "ds/thread_messaging.h"
 

include/ccf/crypto/verifier.h

@@ -2,10 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "hash.h"
-#include "key_pair.h"
-#include "pem.h"
-#include "public_key.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/pem.h"
+#include "ccf/crypto/public_key.h"
 
 namespace crypto
 {
@@ -236,6 +235,4 @@ namespace crypto
     const std::vector<uint8_t>& der);
 
   crypto::Pem public_key_pem_from_cert(const std::vector<uint8_t>& der);
-
-  void check_is_cert(const CBuffer& der);
 }

include/ccf/ds/buffer.h

@@ -1,5 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
+
 #pragma once
 #include <atomic>
 #include <stdint.h>

include/ccf/ds/enum_formatter.h

@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#pragma once
+
+#define FMT_HEADER_ONLY
+#include <fmt/format.h>
+
+/**
+ * Generic formatter for scoped enums.
+ * Newer version of fmt does not include it by default.
+ */
+namespace fmt
+{
+  template <typename E>
+  struct formatter<E, std::enable_if_t<std::is_enum_v<E>, char>>
+  {
+    template <typename ParseContext>
+    constexpr auto parse(ParseContext& ctx)
+    {
+      return ctx.begin();
+    }
+
+    template <typename FormatContext>
+    auto format(const E& value, FormatContext& ctx)
+    {
+      return format_to(
+        ctx.out(), "{}", static_cast<std::underlying_type_t<E>>(value));
+    }
+  };
+}

include/ccf/ds/logger.h

@@ -2,6 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/ds/enum_formatter.h"
 #include "ccf/ds/thread_ids.h"
 
 #define FMT_HEADER_ONLY
@@ -13,30 +14,6 @@
 #include <sstream>
 #include <type_traits>
 
-/**
- * Generic formatter for scoped enums.
- * Newer version of fmt does not include it by default.
- */
-namespace fmt
-{
-  template <typename E>
-  struct formatter<E, std::enable_if_t<std::is_enum_v<E>, char>>
-  {
-    template <typename ParseContext>
-    constexpr auto parse(ParseContext& ctx)
-    {
-      return ctx.begin();
-    }
-
-    template <typename FormatContext>
-    auto format(const E& value, FormatContext& ctx)
-    {
-      return format_to(
-        ctx.out(), "{}", static_cast<std::underlying_type_t<E>>(value));
-    }
-  };
-}
-
 namespace logger
 {
   enum Level

samples/apps/logging/logging.cpp

@@ -7,12 +7,12 @@
 // CCF
 #include "apps/utils/metrics_tracker.h"
 #include "ccf/app_interface.h"
+#include "ccf/crypto/verifier.h"
 #include "ccf/historical_queries_adapter.h"
 #include "ccf/http_query.h"
 #include "ccf/indexing/strategies/seqnos_by_key_bucketed.h"
 #include "ccf/user_frontend.h"
 #include "ccf/version.h"
-#include "crypto/verifier.h"
 #include "node/tx_receipt.h"
 
 #include <charconv>
@@ -444,11 +444,11 @@ namespace loggingapp
           return;
         }
 
-        std::shared_ptr<Verifier> verifier;
+        std::shared_ptr<crypto::Verifier> verifier;
         try
         {
           const auto& cert_data = ctx.rpc_ctx->session->caller_cert;
-          verifier = make_verifier(cert_data);
+          verifier = crypto::make_verifier(cert_data);
         }
         catch (const std::exception& ex)
         {

src/apps/js_generic/js_generic_base.cpp

@@ -2,12 +2,11 @@
 // Licensed under the Apache 2.0 License.
 #include "apps/utils/metrics_tracker.h"
 #include "ccf/app_interface.h"
+#include "ccf/crypto/key_wrap.h"
+#include "ccf/crypto/rsa_key_pair.h"
 #include "ccf/historical_queries_adapter.h"
 #include "ccf/user_frontend.h"
 #include "ccf/version.h"
-#include "crypto/entropy.h"
-#include "crypto/key_wrap.h"
-#include "crypto/rsa_key_pair.h"
 #include "js/wrap.h"
 #include "kv/untyped_map.h"
 #include "named_auth_policies.h"

src/apps/js_v8/js_v8_base.cpp

@@ -2,12 +2,11 @@
 // Licensed under the Apache 2.0 License.
 #include "apps/utils/metrics_tracker.h"
 #include "ccf/app_interface.h"
+#include "ccf/crypto/key_wrap.h"
+#include "ccf/crypto/rsa_key_pair.h"
 #include "ccf/historical_queries_adapter.h"
 #include "ccf/user_frontend.h"
 #include "ccf/version.h"
-#include "crypto/entropy.h"
-#include "crypto/key_wrap.h"
-#include "crypto/rsa_key_pair.h"
 #include "kv/untyped_map.h"
 #include "kv_module_loader.h"
 #include "named_auth_policies.h"

src/apps/js_v8/tmpl/ccf_global.cpp

@@ -3,11 +3,13 @@
 #include "ccf_global.h"
 
 #include "apps/js_v8/tmpl/crypto.h"
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/key_wrap.h"
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/sha256.h"
+#include "ccf/crypto/verifier.h"
 #include "ccf/ds/logger.h"
 #include "consensus.h"
-#include "crypto/entropy.h"
-#include "crypto/key_wrap.h"
-#include "crypto/rsa_key_pair.h"
 #include "historical.h"
 #include "historical_state.h"
 #include "kv_store.h"
@@ -221,7 +223,7 @@ namespace ccf::v8_tmpl
     }
 
     auto data = v8_util::get_array_buffer_data(buffer);
-    auto h = crypto::SHA256(data.p, data.n);
+    auto h = crypto::sha256(data.p, data.n);
     v8::Local<v8::Value> value =
       v8_util::to_v8_array_buffer_copy(isolate, h.data(), h.size());
 

src/apps/js_v8/tmpl/crypto.cpp

@@ -2,10 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #include "apps/js_v8/tmpl/crypto.h"
 
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/verifier.h"
 #include "ccf/ds/logger.h"
 #include "crypto/ecdsa.h"
-#include "crypto/rsa_key_pair.h"
-#include "crypto/verifier.h"
 #include "template.h"
 
 // NOTE: The rest of the crypto functions are defined in ccf_global.cpp.

src/apps/js_v8/v8_util.cpp

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
+#include "ccf/ds/buffer.h"
 #include "ccf/ds/logger.h"
-#include "ds/buffer.h"
 #include "v8.h"
 
 namespace ccf::v8_util

src/apps/js_v8/v8_util.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "ds/buffer.h"
+#include "ccf/ds/buffer.h"
 #include "nlohmann/json.hpp"
 #include "v8.h"
 

src/clients/perf/perf_client.h

@@ -6,9 +6,9 @@
 #include "timing.h"
 
 // CCF
+#include "ccf/crypto/verifier.h"
 #include "ccf/ds/logger.h"
 #include "clients/rpc_tls_client.h"
-#include "crypto/verifier.h"
 #include "ds/cli_helper.h"
 #include "ds/files.h"
 

src/clients/rpc_tls_client.h

@@ -2,6 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/key_pair.h"
 #include "ccf/http_consts.h"
 #include "ccf/serdes.h"
 #include "http/http_builder.h"
@@ -9,7 +10,6 @@
 #include "tls_client.h"
 
 #define FMT_HEADER_ONLY
-#include <crypto/key_pair.h>
 #include <fmt/format.h>
 #include <http/http_sig.h>
 #include <nlohmann/json.hpp>

src/clients/tls_client.h

@@ -2,9 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/ds/buffer.h"
 #include "ccf/ds/logger.h"
 #include "crypto/openssl/openssl_wrappers.h"
-#include "ds/buffer.h"
 #include "tls/ca.h"
 #include "tls/cert.h"
 
@@ -17,7 +17,6 @@
 #include <string>
 #include <vector>
 
-using namespace crypto;
 using namespace crypto::OpenSSL;
 
 #ifdef _DEBUG

src/common/configuration.h

@@ -3,10 +3,10 @@
 
 #pragma once
 
+#include "ccf/crypto/curve.h"
 #include "ccf/ds/logger.h"
 #include "common/enclave_interface_types.h"
 #include "consensus/consensus_types.h"
-#include "crypto/curve.h"
 #include "ds/oversized.h"
 #include "ds/unit_strings.h"
 #include "enclave/consensus_type.h"

src/consensus/aft/impl/state.h

@@ -2,11 +2,11 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/verifier.h"
 #include "ccf/ds/logger.h"
 #include "ccf/tx_status.h"
 #include "consensus/aft/raft_types.h"
-#include "crypto/key_pair.h"
-#include "crypto/verifier.h"
 #include "kv/kv_types.h"
 
 #include <map>

src/consensus/aft/raft_types.h

@@ -5,7 +5,6 @@
 #include "ccf/entity_id.h"
 #include "consensus/consensus_types.h"
 #include "crypto/ecdsa.h"
-#include "crypto/hash.h"
 #include "ds/ring_buffer_types.h"
 #include "enclave/rpc_context.h"
 #include "enclave/rpc_handler.h"

src/consensus/aft/revealed_nonces.h

@@ -3,7 +3,6 @@
 #pragma once
 
 #include "ccf/entity_id.h"
-#include "crypto/hash.h"
 #include "service/map.h"
 
 #include <string>

src/consensus/aft/test/enclave.cpp

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 #define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN
+#include "ccf/crypto/key_pair.h"
 #include "consensus/ledger_enclave.h"
-#include "crypto/key_pair.h"
 #include "ds/ring_buffer.h"
 
 #include <doctest/doctest.h>

src/crypto/certs.h

@@ -2,9 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "key_pair.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/pem.h"
 #include "openssl/x509_time.h"
-#include "pem.h"
 
 #include <string>
 

src/crypto/csr.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/pem.h"
 #include "crypto/openssl/openssl_wrappers.h"
-#include "pem.h"
 
 #include <openssl/bio.h>
 

src/crypto/entropy.cpp

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "entropy.h"
+#include "ccf/crypto/entropy.h"
 
 #include "openssl/entropy.h"
 

src/crypto/hash.cpp

@@ -1,8 +1,10 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
-#include "hash.h"
 
-#include "openssl/hash.h"
+#include "crypto/openssl/hash.h"
+
+#include "ccf/crypto/hkdf.h"
+#include "ccf/crypto/sha256.h"
 
 #include <openssl/sha.h>
 
@@ -13,7 +15,7 @@ namespace crypto
     return openssl_sha256(data, h);
   }
 
-  std::vector<uint8_t> SHA256(const std::vector<uint8_t>& data)
+  std::vector<uint8_t> sha256(const std::vector<uint8_t>& data)
   {
     size_t hash_size = EVP_MD_size(OpenSSL::get_md_type(MDType::SHA256));
     std::vector<uint8_t> r(hash_size);
@@ -21,7 +23,7 @@ namespace crypto
     return r;
   }
 
-  std::vector<uint8_t> SHA256(const uint8_t* data, size_t len)
+  std::vector<uint8_t> sha256(const uint8_t* data, size_t len)
   {
     CBuffer buf(data, len);
     size_t hash_size = EVP_MD_size(OpenSSL::get_md_type(MDType::SHA256));

src/crypto/hash.h

@@ -1,56 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the Apache 2.0 License.
-#pragma once
-
-#include "hash_provider.h"
-
-#define FMT_HEADER_ONLY
-#include <fmt/format.h>
-#include <ostream>
-
-namespace crypto
-{
-  /** Compute the SHA256 hash of @p data
-   * @param data The data to compute the hash of
-   */
-  std::vector<uint8_t> SHA256(const std::vector<uint8_t>& data);
-
-  /** Compute the SHA256 hash of @p data
-   * @param data The data to compute the hash of
-   * @param len Length of the data
-   */
-  std::vector<uint8_t> SHA256(const uint8_t* data, size_t len);
-
-  /** Create a default hash provider */
-  std::shared_ptr<HashProvider> make_hash_provider();
-
-  /** Create a default incremental SHA256 hash provider */
-  std::shared_ptr<ISha256Hash> make_incremental_sha256();
-
-  /** Perform HKDF key derivation */
-  std::vector<uint8_t> hkdf(
-    MDType md_type,
-    size_t length,
-    const std::vector<uint8_t>& ikm,
-    const std::vector<uint8_t>& salt = {},
-    const std::vector<uint8_t>& info = {});
-}
-
-namespace fmt
-{
-  template <>
-  struct formatter<crypto::Sha256Hash>
-  {
-    template <typename ParseContext>
-    constexpr auto parse(ParseContext& ctx)
-    {
-      return ctx.begin();
-    }
-
-    template <typename FormatContext>
-    auto format(const crypto::Sha256Hash& p, FormatContext& ctx)
-    {
-      return format_to(ctx.out(), "<sha256 {:02x}>", fmt::join(p.h, ""));
-    }
-  };
-}

src/crypto/hmac.h

@@ -2,7 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "hash_provider.h"
+#include "ccf/crypto/hash_bytes.h"
+#include "ccf/crypto/md_type.h"
 
 namespace crypto
 {

src/crypto/key_exchange.h

@@ -2,9 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/key_pair.h"
 #include "ccf/ds/logger.h"
-#include "crypto/entropy.h"
-#include "crypto/key_pair.h"
 #include "crypto/openssl/openssl_wrappers.h"
 #include "crypto/openssl/public_key.h"
 

src/crypto/key_pair.cpp

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "key_pair.h"
+#include "ccf/crypto/key_pair.h"
 
 #include "openssl/key_pair.h"
 #include "openssl/public_key.h"

src/crypto/key_wrap.cpp

@@ -1,12 +1,12 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "key_wrap.h"
+#include "ccf/crypto/key_wrap.h"
 
-#include "crypto/key_pair.h"
-#include "crypto/symmetric_key.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/symmetric_key.h"
 #include "openssl/symmetric_key.h"
-#include "rsa_key_pair.h"
 
 #include <cstdint>
 #include <stdexcept>

src/crypto/openssl/entropy.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/entropy.h"
+#include "ccf/crypto/entropy.h"
 #include "openssl_wrappers.h"
 
 #include <functional>

src/crypto/openssl/hash.cpp

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "hash.h"
+#include "crypto/openssl/hash.h"
 
 #include <openssl/sha.h>
 #include <stdexcept>

src/crypto/openssl/hash.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/hash_provider.h"
+#include "ccf/crypto/hash_provider.h"
 #include "openssl_wrappers.h"
 
 #include <openssl/evp.h>

src/crypto/openssl/key_pair.cpp

@@ -1,11 +1,11 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "key_pair.h"
+#include "crypto/openssl/key_pair.h"
 
-#include "crypto/curve.h"
+#include "ccf/crypto/curve.h"
+#include "crypto/openssl/hash.h"
 #include "crypto/openssl/public_key.h"
-#include "hash.h"
 #include "openssl_wrappers.h"
 #include "x509_time.h"
 

src/crypto/openssl/key_pair.h

@@ -2,9 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "../key_pair.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/public_key.h"
+#include "crypto/openssl/public_key.h"
 #include "openssl_wrappers.h"
-#include "public_key.h"
 
 #include <stdexcept>
 #include <string>

src/crypto/openssl/openssl_wrappers.h

@@ -2,8 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/pem.h"
+
 #define FMT_HEADER_ONLY
-#include <crypto/pem.h>
 #include <fmt/format.h>
 #include <memory>
 #include <openssl/asn1.h>

src/crypto/openssl/public_key.cpp

@@ -1,9 +1,10 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "public_key.h"
+#include "crypto/openssl/public_key.h"
 
-#include "hash.h"
+#include "ccf/ds/logger.h"
+#include "crypto/openssl/hash.h"
 #include "openssl_wrappers.h"
 
 #include <openssl/ec.h>

src/crypto/openssl/public_key.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "../public_key.h"
+#include "ccf/crypto/public_key.h"
 #include "openssl_wrappers.h"
 
 #include <openssl/err.h>

src/crypto/openssl/rsa_key_pair.cpp

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "rsa_key_pair.h"
+#include "crypto/openssl/rsa_key_pair.h"
 
 #include "crypto/openssl/hash.h"
 #include "openssl_wrappers.h"

src/crypto/openssl/rsa_key_pair.h

@@ -2,8 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/rsa_key_pair.h"
-#include "rsa_public_key.h"
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/rsa_public_key.h"
+#include "crypto/openssl/rsa_public_key.h"
 
 #include <optional>
 #include <vector>

src/crypto/openssl/rsa_public_key.cpp

@@ -1,9 +1,9 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "hash.h"
+#include "crypto/openssl/hash.h"
+#include "crypto/openssl/rsa_key_pair.h"
 #include "openssl_wrappers.h"
-#include "rsa_key_pair.h"
 
 namespace crypto
 {

src/crypto/openssl/rsa_public_key.h

@@ -2,9 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/rsa_public_key.h"
-#include "hash.h"
-#include "key_pair.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/rsa_public_key.h"
+#include "crypto/openssl/hash.h"
+#include "crypto/openssl/public_key.h"
 
 #include <optional>
 #include <string>

src/crypto/openssl/symmetric_key.cpp

@@ -1,10 +1,11 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
-#include "symmetric_key.h"
 
+#include "crypto/openssl/symmetric_key.h"
+
+#include "ccf/crypto/symmetric_key.h"
 #include "ccf/ds/logger.h"
 #include "crypto/openssl/openssl_wrappers.h"
-#include "crypto/symmetric_key.h"
 #include "ds/thread_messaging.h"
 
 #include <openssl/aes.h>

src/crypto/openssl/symmetric_key.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/symmetric_key.h"
+#include "ccf/crypto/symmetric_key.h"
 #include "openssl_wrappers.h"
 
 #include <openssl/crypto.h>

src/crypto/openssl/verifier.cpp

@@ -1,11 +1,12 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "verifier.h"
+#include "crypto/openssl/verifier.h"
 
+#include "ccf/crypto/public_key.h"
+#include "ccf/ds/logger.h"
 #include "crypto/openssl/openssl_wrappers.h"
-#include "public_key.h"
-#include "rsa_key_pair.h"
+#include "crypto/openssl/rsa_key_pair.h"
 #include "x509_time.h"
 
 #include <openssl/evp.h>

src/crypto/openssl/verifier.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/verifier.h"
 #include "crypto/openssl/openssl_wrappers.h"
-#include "crypto/verifier.h"
 
 #include <openssl/x509.h>
 

src/crypto/rsa_key_pair.cpp

@@ -3,7 +3,7 @@
 
 #include "openssl/rsa_key_pair.h"
 
-#include "rsa_key_pair.h"
+#include "crypto/openssl/rsa_key_pair.h"
 
 namespace crypto
 {

src/crypto/sha256_hash.cpp

@@ -3,7 +3,7 @@
 
 #include "ccf/crypto/sha256_hash.h"
 
-#include "ds/buffer.h"
+#include "ccf/ds/buffer.h"
 #include "ds/hex.h"
 
 namespace crypto

src/crypto/symmetric_key.cpp

@@ -3,8 +3,8 @@
 
 #include "crypto/openssl/symmetric_key.h"
 
-#include "crypto/rsa_key_pair.h"
-#include "symmetric_key.h"
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/symmetric_key.h"
 
 namespace crypto
 {

src/crypto/test/bench.cpp

@@ -1,16 +1,17 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
+
 #include "ccf/crypto/base64.h"
-#include "crypto/entropy.h"
-#include "crypto/hash.h"
-#include "crypto/hash_provider.h"
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/hash_provider.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/sha256.h"
+#include "ccf/crypto/symmetric_key.h"
 #include "crypto/hmac.h"
-#include "crypto/key_pair.h"
 #include "crypto/openssl/base64.h"
 #include "crypto/openssl/hash.h"
 #include "crypto/openssl/key_pair.h"
 #include "crypto/openssl/rsa_key_pair.h"
-#include "crypto/symmetric_key.h"
 
 #define PICOBENCH_IMPLEMENT_WITH_MAIN
 #include <picobench/picobench.hpp>

src/crypto/test/crypto.cpp

@@ -2,20 +2,20 @@
 // Licensed under the Apache 2.0 License.
 #define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN
 #include "ccf/crypto/base64.h"
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/key_wrap.h"
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/symmetric_key.h"
+#include "ccf/crypto/verifier.h"
 #include "crypto/certs.h"
 #include "crypto/csr.h"
-#include "crypto/entropy.h"
 #include "crypto/hmac.h"
-#include "crypto/key_pair.h"
-#include "crypto/key_wrap.h"
 #include "crypto/openssl/key_pair.h"
 #include "crypto/openssl/rsa_key_pair.h"
 #include "crypto/openssl/symmetric_key.h"
 #include "crypto/openssl/verifier.h"
 #include "crypto/openssl/x509_time.h"
-#include "crypto/rsa_key_pair.h"
-#include "crypto/symmetric_key.h"
-#include "crypto/verifier.h"
 
 #include <chrono>
 #include <cstring>

src/crypto/test/kp_cert.cpp

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
+#include "ccf/crypto/key_pair.h"
 #include "crypto/certs.h"
-#include "crypto/key_pair.h"
 #include "ds/cli_helper.h"
 
 #include <CLI11/CLI11.hpp>

src/crypto/verifier.cpp

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
-#include "verifier.h"
+#include "ccf/crypto/verifier.h"
 
 #include "crypto/openssl/verifier.h"
 
@@ -49,9 +49,4 @@ namespace crypto
   {
     return make_unique_verifier(der)->public_key_pem();
   }
-
-  void check_is_cert(const CBuffer& der)
-  {
-    make_unique_verifier((std::vector<uint8_t>)der); // throws on error
-  }
 }

src/ds/champ_map.h

@@ -3,7 +3,7 @@
 #pragma once
 
 #include "ccf/ccf_assert.h"
-#include "ds/buffer.h"
+#include "ccf/ds/buffer.h"
 #include "ds/hash.h"
 #include "ds/map_serializers.h"
 

src/ds/cli_helper.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/san.h"
 #include "ccf/ds/nonstd.h"
-#include "crypto/san.h"
 #include "service/tables/node_info_network.h"
 
 #include <CLI11/CLI11.hpp>

src/ds/hex.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "ds/buffer.h"
+#include "ccf/ds/buffer.h"
 
 #define FMT_HEADER_ONLY
 

src/ds/ring_buffer_types.h

@@ -3,7 +3,7 @@
 #pragma once
 
 #include "ccf/ds/nonstd.h"
-#include "hash.h"
+#include "ds/hash.h"
 #include "serializer.h"
 
 #include <atomic>

src/ds/test/hash.cpp

@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
-#include "../hash.h"
+#include "ds/hash.h"
 
 #include "ccf/ds/siphash.h"
 #include "siphash_known_hashes.h"

src/enclave/enclave.h

@@ -3,7 +3,6 @@
 #pragma once
 #include "ccf/app_interface.h"
 #include "ccf/ds/logger.h"
-#include "crypto/hash.h"
 #include "ds/oversized.h"
 #include "enclave_time.h"
 #include "indexing/enclave_lfs_access.h"
@@ -110,7 +109,7 @@ namespace enclave
       size_t sig_tx_interval,
       size_t sig_ms_interval,
       const consensus::Configuration& consensus_config,
-      const CurveID& curve_id) :
+      const crypto::CurveID& curve_id) :
       circuit(std::move(circuit_)),
       basic_writer_factory(std::move(basic_writer_factory_)),
       writer_factory(std::move(writer_factory_)),

src/enclave/interface.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "ds/buffer.h"
+#include "ccf/ds/buffer.h"
 #include "ds/oversized.h"
 #include "ds/ring_buffer_types.h"
 

src/enclave/rpc_handler.h

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 #pragma once
+#include "ccf/ds/buffer.h"
 #include "ccf/tx.h"
-#include "ds/buffer.h"
 #include "forwarder_types.h"
 
 #include <chrono>

src/endpoints/authentication/sig_auth.cpp

@@ -3,6 +3,7 @@
 
 #include "ccf/endpoints/authentication/sig_auth.h"
 
+#include "ccf/crypto/verifier.h"
 #include "ds/lru.h"
 #include "enclave/rpc_context.h"
 #include "http/http_sig.h"

src/host/enclave.h

@@ -2,10 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/key_pair.h"
 #include "ccf/ds/logger.h"
 #include "ccf/version.h"
-#include "crypto/hash.h"
-#include "crypto/key_pair.h"
 #include "enclave/interface.h"
 
 #include <dlfcn.h>

src/http/http_jwt.h

@@ -3,9 +3,8 @@
 #pragma once
 
 #include "ccf/crypto/base64.h"
+#include "ccf/crypto/verifier.h"
 #include "ccf/http_consts.h"
-#include "crypto/hash.h"
-#include "crypto/verifier.h"
 #include "http_parser.h"
 
 #define FMT_HEADER_ONLY

src/http/http_sig.h

@@ -3,10 +3,10 @@
 #pragma once
 
 #include "ccf/crypto/base64.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/sha256_hash.h"
 #include "ccf/http_consts.h"
 #include "ccf/service/signed_req.h"
-#include "crypto/hash.h"
-#include "crypto/key_pair.h"
 #include "http_parser.h"
 
 #define FMT_HEADER_ONLY

src/http/test/http_test.cpp

@@ -1,8 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
 
+#include "ccf/crypto/key_pair.h"
 #include "ccf/http_query.h"
-#include "crypto/key_pair.h"
 #include "http/http_accept.h"
 #include "http/http_builder.h"
 #include "http/http_parser.h"

src/indexing/enclave_lfs_access.h

@@ -2,10 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/sha256.h"
+#include "ccf/crypto/symmetric_key.h"
 #include "ccf/indexing/lfs_interface.h"
-#include "crypto/entropy.h"
-#include "crypto/hash.h"
-#include "crypto/symmetric_key.h"
 #include "ds/hex.h"
 #include "ds/messaging.h"
 #include "indexing/lfs_ringbuffer_types.h"
@@ -240,7 +240,7 @@ namespace ccf::indexing
 #ifdef PLAINTEXT_CACHE
       return key;
 #else
-      const auto h = crypto::SHA256((const uint8_t*)key.data(), key.size());
+      const auto h = crypto::sha256((const uint8_t*)key.data(), key.size());
       return ds::to_hex(h);
 #endif
     }

src/js/crypto.cpp

@@ -1,9 +1,11 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the Apache 2.0 License.
+
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/key_wrap.h"
+#include "ccf/crypto/rsa_key_pair.h"
+#include "ccf/crypto/sha256.h"
 #include "crypto/ecdsa.h"
-#include "crypto/entropy.h"
-#include "crypto/key_wrap.h"
-#include "crypto/rsa_key_pair.h"
 #include "js/wrap.h"
 #include "tls/ca.h"
 
@@ -112,7 +114,7 @@ namespace ccf::js
       return JS_EXCEPTION;
     }
 
-    auto h = crypto::SHA256(data, data_size);
+    auto h = crypto::sha256(data, data_size);
     return JS_NewArrayBufferCopy(ctx, h.data(), h.size());
   }
 

src/kv/committable_tx.h

@@ -4,6 +4,7 @@
 
 #include "apply_changes.h"
 #include "ccf/tx.h"
+#include "ds/hex.h"
 #include "kv_serialiser.h"
 #include "kv_types.h"
 #include "node/rpc/claims.h"

src/kv/generic_serialise_wrapper.h

@@ -3,7 +3,7 @@
 #pragma once
 
 #include "ccf/ccf_assert.h"
-#include "ds/buffer.h"
+#include "ccf/ds/buffer.h"
 #include "kv_types.h"
 #include "node/rpc/claims.h"
 #include "serialised_entry.h"

src/kv/kv_types.h

@@ -3,11 +3,10 @@
 #pragma once
 
 #include "ccf/claims_digest.h"
+#include "ccf/crypto/pem.h"
 #include "ccf/ds/nonstd.h"
 #include "ccf/entity_id.h"
 #include "ccf/tx_id.h"
-#include "crypto/hash.h"
-#include "crypto/pem.h"
 #include "enclave/consensus_type.h"
 #include "enclave/reconfiguration_type.h"
 #include "node/identity.h"

src/kv/test/stub_consensus.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/symmetric_key.h"
 #include "consensus/aft/impl/state.h"
-#include "crypto/symmetric_key.h"
 #include "kv/kv_types.h"
 #include "service/tables/resharing_types.h"
 

src/node/channels.h

@@ -2,13 +2,14 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/hkdf.h"
+#include "ccf/crypto/key_pair.h"
+#include "ccf/crypto/symmetric_key.h"
+#include "ccf/crypto/verifier.h"
 #include "ccf/ds/logger.h"
 #include "ccf/entity_id.h"
-#include "crypto/hash_provider.h"
 #include "crypto/key_exchange.h"
-#include "crypto/key_pair.h"
-#include "crypto/symmetric_key.h"
-#include "crypto/verifier.h"
 #include "ds/hex.h"
 #include "ds/serialized.h"
 #include "ds/state_machine.h"

src/node/encryptor.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/symmetric_key.h"
+#include "ccf/crypto/symmetric_key.h"
 #include "kv/encryptor.h"
 #include "ledger_secrets.h"
 

src/node/history.h

@@ -3,8 +3,6 @@
 #pragma once
 
 #include "ccf/ds/logger.h"
-#include "crypto/hash.h"
-#include "crypto/verifier.h"
 #include "ds/dl_list.h"
 #include "ds/thread_messaging.h"
 #include "endian.h"

src/node/identity.h

@@ -2,10 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/curve.h"
 #include "crypto/certs.h"
-#include "crypto/curve.h"
 #include "crypto/openssl/key_pair.h"
-#include "crypto/verifier.h"
 
 #include <openssl/crypto.h>
 #include <string>

src/node/ledger_secret.h

@@ -2,9 +2,9 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/entropy.h"
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/symmetric_key.h"
 #include "crypto/hmac.h"
-#include "crypto/symmetric_key.h"
 #include "kv/kv_types.h"
 #include "service/tables/secrets.h"
 #include "service/tables/shares.h"

src/node/ledger_secrets.h

@@ -2,9 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/symmetric_key.h"
 #include "ccf/tx.h"
-#include "crypto/entropy.h"
-#include "crypto/symmetric_key.h"
 #include "kv/kv_types.h"
 #include "ledger_secret.h"
 #include "service/table_names.h"

src/node/node_client.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/pem.h"
 #include "consensus/aft/raft_types.h"
-#include "crypto/pem.h"
 #include "enclave/rpc_sessions.h"
 
 namespace ccf

src/node/node_signature_verify.h

@@ -2,8 +2,8 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/verifier.h"
 #include "ccf/tx.h"
-#include "crypto/verifier.h"
 #include "service/blit.h"
 #include "service/tables/nodes.h"
 

src/node/node_state.h

@@ -2,15 +2,14 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/entropy.h"
+#include "ccf/crypto/pem.h"
+#include "ccf/crypto/symmetric_key.h"
 #include "ccf/ds/logger.h"
 #include "ccf/serdes.h"
 #include "consensus/aft/raft.h"
 #include "consensus/ledger_enclave.h"
 #include "crypto/certs.h"
-#include "crypto/entropy.h"
-#include "crypto/pem.h"
-#include "crypto/symmetric_key.h"
-#include "crypto/verifier.h"
 #include "ds/state_machine.h"
 #include "enclave/reconfiguration_type.h"
 #include "enclave/rpc_sessions.h"
@@ -72,7 +71,7 @@ namespace ccf
     ds::StateMachine<NodeStartupState> sm;
     std::mutex lock;
 
-    CurveID curve_id;
+    crypto::CurveID curve_id;
     std::vector<crypto::SubjectAltName> subject_alt_names = {};
 
     std::shared_ptr<crypto::KeyPair_OpenSSL> node_sign_kp;
@@ -190,7 +189,7 @@ namespace ccf
       NetworkState& network,
       std::shared_ptr<enclave::RPCSessions> rpcsessions,
       ShareManager& share_manager,
-      CurveID curve_id_) :
+      crypto::CurveID curve_id_) :
       sm("NodeState", NodeStartupState::uninitialized),
       curve_id(curve_id_),
       node_sign_kp(std::make_shared<crypto::KeyPair_OpenSSL>(curve_id_)),

src/node/node_types.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/hash.h"
+#include "ccf/crypto/sha256_hash.h"
 #include "ds/ring_buffer_types.h"
 #include "entities.h"
 

src/node/request_tracker.h

@@ -2,7 +2,6 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 #include "ccf/ccf_assert.h"
-#include "crypto/hash.h"
 #include "ds/dl_list.h"
 
 #include <array>

src/node/resharing.h

@@ -2,11 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/pem.h"
 #include "ccf/serdes.h"
 #include "ccf/tx_id.h"
 #include "consensus/aft/impl/state.h"
-#include "crypto/pem.h"
-#include "crypto/verifier.h"
 #include "enclave/rpc_sessions.h"
 #include "kv/kv_types.h"
 #include "node/identity.h"

src/node/rpc/frontend.h

@@ -2,11 +2,10 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/ds/buffer.h"
 #include "ccf/endpoint_registry.h"
 #include "ccf/service/signed_req.h"
 #include "consensus/aft/request.h"
-#include "crypto/verifier.h"
-#include "ds/buffer.h"
 #include "enclave/rpc_handler.h"
 #include "forwarder.h"
 #include "http/http_jwt.h"